iptables-legacy has not been configured as an alternative for iptables
Same issue that 1.19's kube-proxy is having: https://repo1.dsop.io/dsop/opensource/kubernetes-1.19/kube-proxy-1.19/-/issues/3
1 proxier.go:1562] Failed to execute iptables-restore: exit status 2 (/usr/sbin/iptables-legacy has not been configured as an alternative for iptables
I temporarily swapped out with the public kube-proxy of the same version (currently 1.18.12) and that error goes away, then as expected my cni, dns, everything comes up and was stuck because of this. In addition heres the update alternatives lists of the public/working image:
kubectl exec -it kube-proxy-plq44 -n kube-system -- /bin/sh
# update-alternatives --list iptables
/usr/sbin/iptables-legacy
/usr/sbin/iptables-nft
/usr/sbin/iptables-wrapper
# [root@ip-10-42-20-185 ~]# kubectl exec -it kube-proxy-plq44 -n kube-system -- /bin/sh
# update-alternatives --list ip6tables
/usr/sbin/ip6tables-legacy
/usr/sbin/ip6tables-nft
/usr/sbin/iptables-wrapper
I'm not sure if something is missing from upstream.